Category FILE
Started On 2014-07-02 06:00:01
Completed On 2014-07-02 06:01:59
Duration 118 seconds
Cuckoo Version 1.2-dev

Machine machine3
Label winxpmacine3
Manager VirtualBox
Started On 2014-07-02 06:00:02
Shutdown On 2014-07-02 06:01:59

File Details

File name order_id_467832647826378462387462837.exe
File size 125952 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 B5859E65
MD5 6d5233121a000e645f78dcf9cafb8630
SHA1 a65283d99f463cc07615147e2d2b3e2d9dfd1505
SHA256 2174b3f0b1204b741b380daaeb30bcb0e847de415078ecc11128f3cef3dc6038
SHA512 1df73bfd372a6fa2533deec724ceefb51726ad52808c6e4f0bfc259fd0fc814e37e9797c81ffaa5cb5c53ee7c662c30bc3c7b1493de4efd70d841ff507644225
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2014-07-02 09:59:37
Detection Rate: 2/54

Signatures

File has been identified by at least one AntiVirus on VirusTotal as malicious
Installs itself for autorun at Windows startup

Screenshots

Static Analysis

Version Infos

Sections

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\
Mutexes Nothing to display.
Registry Keys
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Disk\Enum
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

Processes

order_id_467832647826378462387462837.exe PID: 456, Parent PID: 220

Volatility

Nothing to display.